Insecure Cryptographic Storage
Insecure Cryptographic Storage Defined
A common vulnerability occurs when sensitive data is not stored securely from internal users. Often, it is assumed that data storage will not be examined by an arbitrary user. But many users within the organization have access to the registry, temporary files, and databases. It’s possible for these users to access sensitive data in its unencrypted format using temporary, hidden, and registry files. It is also possible for an attacker to gain access using another one of the OWASP Top 10 vulnerabilities such as Direct Object Access.
So, to ensure security, begin by identifying all sensitive data and encrypt that data even when it’s stored on a hard drive. Ensure that sensitive data cannot be easily overwritten and overwrite sensitive memory locations immediately. Then, identify the people who should and shouldn’t have knowledge of secrets such as proprietary algorithms, encryption keys, and DRM. In most cases, it’s recommended to hide these secrets from even the administrator. Additionally, identify all sensitive data read into the memory and overwrite it with random data.
To ensure secure storage of sensitive data, follow these steps:
- Identify all sensitive data and encrypt it even when it’s stored on a hard drive
- Ensure that sensitive data cannot be overwritten
- Overwrite sensitive memory locations immediately after the data is no longer needed in memory
- Identify people who should and shouldn’t know secrets
- Keep secrets such as proprietary algorithms, encryption keys, and DRM even from the administrator
- Identify sensitive data read into memory, overwrite it with random data, and use strong encryption to safeguard it
Insecure Crypto Video
|
